devise-security 0.12.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.txt +3 -1
- data/README.md +199 -65
- data/app/controllers/devise/paranoid_verification_code_controller.rb +28 -12
- data/app/controllers/devise/password_expired_controller.rb +34 -10
- data/app/views/devise/paranoid_verification_code/show.html.erb +4 -4
- data/app/views/devise/password_expired/show.html.erb +6 -6
- data/config/locales/bg.yml +42 -0
- data/config/locales/by.yml +50 -0
- data/config/locales/cs.yml +46 -0
- data/config/locales/de.yml +33 -7
- data/config/locales/en.yml +26 -1
- data/config/locales/es.yml +31 -6
- data/config/locales/fa.yml +42 -0
- data/config/locales/fr.yml +42 -0
- data/config/locales/hi.yml +43 -0
- data/config/locales/it.yml +36 -4
- data/config/locales/ja.yml +42 -0
- data/config/locales/nl.yml +42 -0
- data/config/locales/pt.yml +42 -0
- data/config/locales/ru.yml +50 -0
- data/config/locales/tr.yml +42 -0
- data/config/locales/uk.yml +50 -0
- data/config/locales/zh_CN.yml +42 -0
- data/config/locales/zh_TW.yml +42 -0
- data/lib/devise-security/controllers/helpers.rb +74 -51
- data/lib/devise-security/hooks/expirable.rb +6 -4
- data/lib/devise-security/hooks/paranoid_verification.rb +3 -3
- data/lib/devise-security/hooks/password_expirable.rb +5 -3
- data/lib/devise-security/hooks/session_limitable.rb +31 -14
- data/lib/devise-security/models/active_record/old_password.rb +5 -0
- data/lib/devise-security/models/compatibility/active_record_patch.rb +41 -0
- data/lib/devise-security/models/compatibility/mongoid_patch.rb +32 -0
- data/lib/devise-security/models/compatibility.rb +8 -15
- data/lib/devise-security/models/database_authenticatable_patch.rb +20 -10
- data/lib/devise-security/models/expirable.rb +14 -7
- data/lib/devise-security/models/mongoid/old_password.rb +21 -0
- data/lib/devise-security/models/paranoid_verification.rb +4 -2
- data/lib/devise-security/models/password_archivable.rb +19 -8
- data/lib/devise-security/models/password_expirable.rb +103 -48
- data/lib/devise-security/models/secure_validatable.rb +69 -12
- data/lib/devise-security/models/security_questionable.rb +2 -0
- data/lib/devise-security/models/session_limitable.rb +19 -2
- data/lib/devise-security/orm/mongoid.rb +7 -0
- data/lib/devise-security/patches/controller_captcha.rb +2 -0
- data/lib/devise-security/patches/controller_security_question.rb +3 -1
- data/lib/devise-security/patches.rb +16 -8
- data/lib/devise-security/rails.rb +2 -0
- data/lib/devise-security/routes.rb +4 -3
- data/lib/devise-security/validators/password_complexity_validator.rb +62 -0
- data/lib/devise-security/version.rb +3 -1
- data/lib/devise-security.rb +23 -11
- data/lib/generators/devise_security/install_generator.rb +6 -6
- data/lib/generators/templates/devise_security.rb +52 -0
- data/test/{test_captcha_controller.rb → controllers/test_captcha_controller.rb} +2 -0
- data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
- data/test/controllers/test_password_expired_controller.rb +164 -0
- data/test/controllers/test_security_question_controller.rb +66 -0
- data/test/dummy/Rakefile +3 -1
- data/test/dummy/app/assets/config/manifest.js +3 -0
- data/test/dummy/app/controllers/application_controller.rb +2 -0
- data/test/dummy/app/controllers/captcha/sessions_controller.rb +2 -0
- data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
- data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
- data/test/dummy/app/controllers/security_question/unlocks_controller.rb +2 -0
- data/test/dummy/app/controllers/widgets_controller.rb +9 -0
- data/test/dummy/app/models/application_record.rb +10 -2
- data/test/dummy/app/models/application_user_record.rb +12 -0
- data/test/dummy/app/models/captcha_user.rb +7 -2
- data/test/dummy/app/models/mongoid/confirmable_fields.rb +15 -0
- data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +18 -0
- data/test/dummy/app/models/mongoid/expirable_fields.rb +13 -0
- data/test/dummy/app/models/mongoid/lockable_fields.rb +15 -0
- data/test/dummy/app/models/mongoid/mappings.rb +15 -0
- data/test/dummy/app/models/mongoid/omniauthable_fields.rb +13 -0
- data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +12 -0
- data/test/dummy/app/models/mongoid/password_archivable_fields.rb +11 -0
- data/test/dummy/app/models/mongoid/password_expirable_fields.rb +12 -0
- data/test/dummy/app/models/mongoid/recoverable_fields.rb +13 -0
- data/test/dummy/app/models/mongoid/registerable_fields.rb +21 -0
- data/test/dummy/app/models/mongoid/rememberable_fields.rb +12 -0
- data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +13 -0
- data/test/dummy/app/models/mongoid/security_questionable_fields.rb +15 -0
- data/test/dummy/app/models/mongoid/session_limitable_fields.rb +12 -0
- data/test/dummy/app/models/mongoid/timeoutable_fields.rb +11 -0
- data/test/dummy/app/models/mongoid/trackable_fields.rb +16 -0
- data/test/dummy/app/models/mongoid/validatable_fields.rb +9 -0
- data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
- data/test/dummy/app/models/password_expired_user.rb +26 -0
- data/test/dummy/app/models/security_question_user.rb +9 -4
- data/test/dummy/app/models/user.rb +16 -1
- data/test/dummy/app/models/widget.rb +4 -0
- data/test/dummy/app/mongoid/admin.rb +31 -0
- data/test/dummy/app/mongoid/one_user.rb +58 -0
- data/test/dummy/app/mongoid/shim.rb +25 -0
- data/test/dummy/app/mongoid/user_on_engine.rb +41 -0
- data/test/dummy/app/mongoid/user_on_main_app.rb +41 -0
- data/test/dummy/app/mongoid/user_with_validations.rb +37 -0
- data/test/dummy/app/mongoid/user_without_email.rb +38 -0
- data/test/dummy/config/application.rb +13 -11
- data/test/dummy/config/boot.rb +3 -1
- data/test/dummy/config/environment.rb +3 -1
- data/test/dummy/config/environments/test.rb +6 -13
- data/test/dummy/config/initializers/devise.rb +6 -3
- data/test/dummy/config/initializers/migration_class.rb +3 -6
- data/test/dummy/config/locales/en.yml +10 -0
- data/test/dummy/config/mongoid.yml +6 -0
- data/test/dummy/config/routes.rb +8 -3
- data/test/dummy/config.ru +3 -1
- data/test/dummy/db/migrate/20120508165529_create_tables.rb +17 -6
- data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +2 -0
- data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +2 -0
- data/test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb +2 -0
- data/test/dummy/db/migrate/20180318103603_add_expireable_columns.rb +2 -0
- data/test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb +2 -0
- data/test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb +2 -0
- data/test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb +2 -0
- data/test/dummy/db/migrate/20180319114023_add_widget.rb +2 -0
- data/test/dummy/lib/shared_expirable_columns.rb +15 -0
- data/test/dummy/lib/shared_security_questions_fields.rb +17 -0
- data/test/dummy/lib/shared_user.rb +43 -0
- data/test/dummy/lib/shared_user_with_password_verification.rb +13 -0
- data/test/dummy/lib/shared_user_without_omniauth.rb +24 -0
- data/test/dummy/lib/shared_verification_fields.rb +16 -0
- data/test/dummy/log/test.log +45240 -0
- data/test/i18n_test.rb +22 -0
- data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
- data/test/integration/test_password_expirable_workflow.rb +53 -0
- data/test/integration/test_session_limitable_workflow.rb +69 -0
- data/test/orm/active_record.rb +15 -0
- data/test/orm/mongoid.rb +13 -0
- data/test/support/integration_helpers.rb +35 -0
- data/test/support/mongoid.yml +6 -0
- data/test/test_compatibility.rb +15 -0
- data/test/test_complexity_validator.rb +282 -0
- data/test/test_database_authenticatable_patch.rb +146 -0
- data/test/test_helper.rb +41 -9
- data/test/test_install_generator.rb +20 -3
- data/test/test_paranoid_verification.rb +10 -9
- data/test/test_password_archivable.rb +37 -13
- data/test/test_password_expirable.rb +72 -9
- data/test/test_secure_validatable.rb +289 -55
- data/test/test_secure_validatable_overrides.rb +185 -0
- data/test/test_session_limitable.rb +57 -0
- data/test/tmp/config/initializers/devise_security.rb +52 -0
- data/test/tmp/config/locales/devise.security_extension.by.yml +50 -0
- data/test/tmp/config/locales/devise.security_extension.cs.yml +46 -0
- data/test/tmp/config/locales/devise.security_extension.de.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.en.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.es.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.fa.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.fr.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.hi.yml +43 -0
- data/test/tmp/config/locales/devise.security_extension.it.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.ja.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.nl.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.pt.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.ru.yml +50 -0
- data/test/tmp/config/locales/devise.security_extension.tr.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.uk.yml +50 -0
- data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +42 -0
- data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +42 -0
- metadata +290 -124
- data/.circleci/config.yml +0 -41
- data/.document +0 -5
- data/.gitignore +0 -40
- data/.rubocop.yml +0 -63
- data/.ruby-version +0 -1
- data/.travis.yml +0 -25
- data/Appraisals +0 -19
- data/Gemfile +0 -3
- data/Rakefile +0 -28
- data/devise-security.gemspec +0 -44
- data/gemfiles/rails_4.1_stable.gemfile +0 -8
- data/gemfiles/rails_4.2_stable.gemfile +0 -8
- data/gemfiles/rails_5.0_stable.gemfile +0 -8
- data/gemfiles/rails_5.1_stable.gemfile +0 -8
- data/gemfiles/rails_5.2_rc1.gemfile +0 -8
- data/lib/devise-security/models/old_password.rb +0 -4
- data/lib/devise-security/orm/active_record.rb +0 -18
- data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -21
- data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -24
- data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -20
- data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -23
- data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -33
- data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -24
- data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -20
- data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -23
- data/lib/devise-security/schema.rb +0 -64
- data/lib/generators/templates/devise-security.rb +0 -38
- data/test/dummy/app/controllers/foos_controller.rb +0 -0
- data/test/dummy/app/models/.gitkeep +0 -0
- data/test/dummy/app/models/secure_user.rb +0 -3
- data/test/test_password_expired_controller.rb +0 -44
- data/test/test_security_question_controller.rb +0 -84
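--- a/data/.circleci/config.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Ruby CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-ruby/ for more details
-#
-version: 2
-jobs:
-build:
-docker:
-# specify the version you desire here
-- image: circleci/ruby:2.4.1-node-browsers
-
-# Specify service dependencies here if necessary
-# CircleCI maintains a library of pre-built images
-# documented at https://circleci.com/docs/2.0/circleci-images/
-# - image: circleci/postgres:9.4
-
-working_directory: ~/repo
-
-steps:
-- checkout
-
-# Download and cache dependencies
-- restore_cache:
-keys:
-# fallback to using the latest cache if no exact match is found
-- v1-dependencies-
-
-- run:
-name: install dependencies
-command: |
-bundle install --jobs=4 --retry=3 --path vendor/bundle
-
-- save_cache:
-paths:
-- ./vendor/bundle
-key: v1-dependencies-{{ checksum "Gemfile.lock" }}
-
-# run tests!
-- run:
-name: run tests
-command: bundle exec rake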
data/.document
DELETED
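--- a/data/.gitignore
+++ /dev/null
@@ -1,40 +0,0 @@
-test/rails_app/log/*
-test/rails_app/tmp/*
-*~
-coverage/*
-*.sqlite3
-.bundle
-rdoc/*
-pkg
-# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
-#
-# * Create a file at ~/.gitignore
-# * Include files you want ignored
-# * Run: git config --global core.excludesfile ~/.gitignore
-#
-# After doing this, these files will be ignored in all your git projects,
-# saving you from having to 'pollute' every project you touch with them
-#
-# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
-#
-# For MacOS:
-#
-#.DS_Store
-#
-# For TextMate
-#*.tmproj
-#tmtags
-#
-# For emacs:
-#*~
-#\#*
-#.\#*
-#
-# For vim:
-#*.swp
-
-log
-test/tmp/*
-*.gem
-Gemfile.lock
-*.lock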
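--- a/data/.rubocop.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-AllCops:
-TargetRubyVersion: 2.3
-Include:
-- '**/Rakefile'
-- '**/config.ru'
-- 'lib/tasks/**/*'
-Exclude:
-- Gemfile*
-- 'db/**/*'
-- 'config/**/*'
-- 'bin/**/*'
-- 'vendor/bundle/**/*'
-- 'spec/support/**/*' # rspec support helpers have a strange api
-
-Rails:
-Enabled: true
-
-# We don't care about method length, since we check method cyclomatic
-# complexity.
-Metrics/MethodLength:
-Enabled: false
-
-Metrics/LineLength:
-Max: 100
-
-Naming/FileName:
-Exclude: ["devise-security.gemspec"]
-
-Style/ClassAndModuleChildren:
-EnforcedStyle: compact
-SupportedStyles:
-- nested
-- compact
-
-Style/HashSyntax:
-EnforcedStyle: ruby19
-
-Style/SymbolArray:
-EnforcedStyle: brackets
-
-# Trailing commas make for clearer diffs because the last line won't appear
-# to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInArrayLiteral:
-EnforcedStyleForMultiline: comma
-Style/TrailingCommaInHashLiteral:
-EnforcedStyleForMultiline: comma
-Style/TrailingCommaInArguments:
-EnforcedStyleForMultiline: comma
-
-# Cop supports --auto-correct.
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-PreferredDelimiters:
-# Using `[]` for string arrays instead of `()`, since normal arrays are
-# indicated with `[]` not `()`.
-'%w': '[]'
-'%W': '[]'
-
-Style/AndOr:
-# Whether `and` and `or` are banned only in conditionals (conditionals)
-# or completely (always).
-# They read better, more like normal English.
-Enabled: false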
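--- a/data/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-2.2.9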
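--- a/data/.travis.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-language: ruby
-before_install: gem install bundler && bundler -v
-install: bundle install --jobs=3 --retry=3
-before_script: bundle install
-script: bundle exec rake
-rvm:
-- 2.2.9
-- 2.3.6
-- 2.4.3
-- 2.5.0
-- ruby-head
-matrix:
-allow_failures:
-- rvm: ruby-head
-- gemfile: gemfiles/rails_5.2_rc1.gemfile
-- rvm: 2.4.3
-gemfile: gemfiles/rails_4.1_stable.gemfile
-- rvm: 2.5.0
-gemfile: gemfiles/rails_4.1_stable.gemfile
-gemfile:
-- gemfiles/rails_4.1_stable.gemfile
-- gemfiles/rails_4.2_stable.gemfile
-- gemfiles/rails_5.0_stable.gemfile
-- gemfiles/rails_5.1_stable.gemfile
-- gemfiles/rails_5.2_rc1.gemfile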
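--- a/data/Appraisals
+++ /dev/null
@@ -1,19 +0,0 @@
-appraise 'rails-4.1-stable' do
-gem 'rails', '~> 4.1.0'
-end
-
-appraise 'rails-4.2-stable' do
-gem 'rails', '~> 4.2.0'
-end
-
-appraise 'rails-5.0-stable' do
-gem 'rails', '~> 5.0.0'
-end
-
-appraise 'rails-5.1-stable' do
-gem 'rails', '~> 5.1.0'
-end
-
-appraise 'rails-5.2-rc1' do
-gem 'rails', '~> 5.2.0.rc1'
-end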
data/Gemfile
DELETED
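--- a/data/Rakefile
+++ /dev/null
@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
-require 'rubygems'
-require 'bundler'
-require 'rake/testtask'
-require 'rdoc/task'
-require 'devise-security/version'
-
-desc 'Default: Run DeviseSecurity unit tests'
-task default: :test
-
-Rake::TestTask.new(:test) do |t|
-t.libs << 'lib'
-t.libs << 'test'
-t.test_files = FileList['test/*test*.rb']
-t.verbose = true
-t.warning = false
-end
-
-Rake::RDocTask.new do |rdoc|
-version = DeviseSecurity::VERSION.dup
-
-rdoc.rdoc_dir = 'rdoc'
-rdoc.title = "devise-security #{version}"
-rdoc.rdoc_files.include('README*')
-rdoc.rdoc_files.include('lib/**/*.rb')
-end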
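--- a/data/devise-security.gemspec
+++ /dev/null
@@ -1,44 +0,0 @@
-# -*- encoding: utf-8 -*-
-# frozen_string_literal: true
-
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'devise-security/version'
-
-Gem::Specification.new do |s|
-s.name = 'devise-security'
-s.version = DeviseSecurity::VERSION.dup
-s.platform = Gem::Platform::RUBY
-s.licenses = ['MIT']
-s.summary = 'Security extension for devise'
-s.email = 'natebird@gmail.com'
-s.homepage = 'https://github.com/devise-security/devise-security'
-s.description = 'An enterprise security extension for devise.'
-s.authors = [
-'Marco Scholl', 'Alexander Dreher', 'Nate Bird', 'Dillon Welch'
-]
-
-s.files = `git ls-files`.split("\n")
-s.test_files = `git ls-files -- test/*`.split("\n")
-s.require_paths = ['lib']
-s.required_ruby_version = '>= 2.2.9'
-
-if RUBY_VERSION >= '2.4'
-s.add_runtime_dependency 'rails', '>= 4.1.0', '< 6.0'
-else
-s.add_runtime_dependency 'railties', '>= 4.1.0', '< 6.0'
-end
-s.add_runtime_dependency 'devise', '>= 4.2.0', '< 5.0'
-
-s.add_development_dependency 'appraisal'
-s.add_development_dependency 'bundler', '>= 1.3.0', '< 2.0'
-s.add_development_dependency 'coveralls', '~> 0.8'
-s.add_development_dependency 'easy_captcha', '~> 0'
-s.add_development_dependency 'm'
-s.add_development_dependency 'minitest', '5.10.3' # see https://github.com/seattlerb/minitest/issues/730
-s.add_development_dependency 'pry-byebug'
-s.add_development_dependency 'pry-rescue'
-s.add_development_dependency 'pry'
-s.add_development_dependency 'rails_email_validator', '~> 0'
-s.add_development_dependency 'rubocop', '~> 0'
-s.add_development_dependency 'sqlite3', '~> 1.3', '>= 1.3.10'
-end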
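--- a/data/lib/devise-security/orm/active_record.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-module DeviseSecurity
-module Orm
-# This module contains some helpers and handle schema (migrations):
-#
-# create_table :accounts do |t|
-# t.password_expirable
-# end
-#
-module ActiveRecord
-module Schema
-include DeviseSecurity::Schema
-end
-end
-end
-end
-
-ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
-ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurity::Orm::ActiveRecord::Schema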
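--- a/data/lib/devise-security/patches/confirmations_controller_captcha.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-module DeviseSecurity::Patches
-module ConfirmationsControllerCaptcha
-extend ActiveSupport::Concern
-included do
-define_method :create do
-if valid_captcha_if_defined?(params[:captcha])
-self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-if successfully_sent?(resource)
-respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-respond_with({}, location: new_confirmation_path(resource_name))
-end
-end
-end
-end
-end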
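--- a/data/lib/devise-security/patches/confirmations_controller_security_question.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-module DeviseSecurity::Patches
-module ConfirmationsControllerSecurityQuestion
-extend ActiveSupport::Concern
-included do
-define_method :create do
-# only find via email, not login
-resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-if valid_captcha_or_security_question?(resource, params)
-self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-if successfully_sent?(resource)
-respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-respond_with({}, location: new_confirmation_path(resource_name))
-end
-end
-end
-end
-end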
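--- a/data/lib/devise-security/patches/passwords_controller_captcha.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-module DeviseSecurity::Patches
-module PasswordsControllerCaptcha
-extend ActiveSupport::Concern
-included do
-define_method :create do
-if valid_captcha_if_defined?(params[:captcha])
-self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-if successfully_sent?(resource)
-respond_with({}, location: new_session_path(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-respond_with({}, location: new_password_path(resource_name))
-end
-end
-end
-end
-end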
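--- a/data/lib/devise-security/patches/passwords_controller_security_question.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-module DeviseSecurity::Patches
-module PasswordsControllerSecurityQuestion
-extend ActiveSupport::Concern
-included do
-define_method :create do
-# only find via email, not login
-resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-if valid_captcha_or_security_question?(resource, params)
-self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-if successfully_sent?(resource)
-respond_with({}, location: new_session_path(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-respond_with({}, location: new_password_path(resource_name))
-end
-end
-end
-end
-end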
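--- a/data/lib/devise-security/patches/registrations_controller_captcha.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-module DeviseSecurity::Patches
-module RegistrationsControllerCaptcha
-extend ActiveSupport::Concern
-included do
-define_method :create do |&block|
-build_resource(sign_up_params)
-
-if valid_captcha_if_defined?(params[:captcha])
-if resource.save
-block.call(resource) if block
-if resource.active_for_authentication?
-set_flash_message :notice, :signed_up if is_flashing_format?
-sign_up(resource_name, resource)
-respond_with resource, location: after_sign_up_path_for(resource)
-else
-set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
-expire_data_after_sign_in!
-respond_with resource, location: after_inactive_sign_up_path_for(resource)
-end
-else
-clean_up_passwords resource
-respond_with resource
-end
-
-else
-resource.errors.add :base, t('devise.invalid_captcha')
-clean_up_passwords resource
-respond_with resource
-end
-end
-end
-end
-end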
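--- a/data/lib/devise-security/patches/sessions_controller_captcha.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-module DeviseSecurity::Patches
-module SessionsControllerCaptcha
-extend ActiveSupport::Concern
-included do
-define_method :create do |&block|
-if valid_captcha_if_defined?(params[:captcha])
-self.resource = warden.authenticate!(auth_options)
-set_flash_message(:notice, :signed_in) if is_flashing_format?
-sign_in(resource_name, resource)
-block.call(resource) if block
-respond_with resource, location: after_sign_in_path_for(resource)
-else
-flash[:alert] = t('devise.invalid_captcha') if is_flashing_format?
-respond_with({}, location: new_session_path(resource_name))
-end
-end
-
-# for bad protected use in controller
-define_method :auth_options do
-{ scope: resource_name, recall: "#{controller_path}#new" }
-end
-end
-end
-end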
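--- a/data/lib/devise-security/patches/unlocks_controller_captcha.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-module DeviseSecurity::Patches
-module UnlocksControllerCaptcha
-extend ActiveSupport::Concern
-included do
-define_method :create do
-if valid_captcha_if_defined?(params[:captcha])
-self.resource = resource_class.send_unlock_instructions(params[resource_name])
-if successfully_sent?(resource)
-respond_with({}, location: new_session_path(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-respond_with({}, location: new_unlock_path(resource_name))
-end
-end
-end
-end
-end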
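--- a/data/lib/devise-security/patches/unlocks_controller_security_question.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-module DeviseSecurity::Patches
-module UnlocksControllerSecurityQuestion
-extend ActiveSupport::Concern
-included do
-define_method :create do
-# only find via email, not login
-resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-if valid_captcha_or_security_question?(resource, params)
-self.resource = resource_class.send_unlock_instructions(params[resource_name])
-if successfully_sent?(resource)
-respond_with({}, location: new_session_path(resource_name))
-else
-respond_with(resource)
-end
-else
-flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-respond_with({}, location: new_unlock_path(resource_name))
-end
-end
-end
-end
-end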
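--- a/data/lib/devise-security/schema.rb
+++ /dev/null
@@ -1,64 +0,0 @@
-module DeviseSecurity
-# add schema helper for migrations
-module Schema
-# Add password_changed_at columns in the resource's database table.
-#
-# Examples
-#
-# # For a new resource migration:
-# create_table :the_resources do |t|
-# t.password_expirable
-# ...
-# end
-#
-# # or if the resource's table already exists, define a migration and put this in:
-# change_table :the_resources do |t|
-# t.datetime :password_changed_at
-# end
-#
-def password_expirable
-apply_devise_schema :password_changed_at, DateTime
-end
-
-# Add password_archivable columns
-#
-# Examples
-#
-# create_table :old_passwords do
-# t.password_archivable
-# end
-# add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: :index_password_archivable
-#
-def password_archivable
-apply_devise_schema :encrypted_password, String, limit: 128, null: false
-apply_devise_schema :password_salt, String
-apply_devise_schema :password_archivable_id, Integer, null: false
-apply_devise_schema :password_archivable_type, String, null: false
-apply_devise_schema :created_at, DateTime
-end
-
-# Add session_limitable columns in the resource's database table.
-#
-# Examples
-#
-# # For a new resource migration:
-# create_table :the_resources do |t|
-# t.session_limitable
-# ...
-# end
-#
-# # or if the resource's table already exists, define a migration and put this in:
-# change_table :the_resources do |t|
-# t.string :unique_session_id, limit: 20
-# end
-#
-def session_limitable
-apply_devise_schema :unique_session_id, String, limit: 20
-end
-
-def expirable
-apply_devise_schema :expired_at, DateTime
-apply_devise_schema :last_activity_at, DateTime
-end
-end
-end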
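--- a/data/lib/generators/templates/devise-security.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-Devise.setup do |config|
-# ==> Security Extension
-# Configure security extension for devise
-
-# Should the password expire (e.g 3.months)
-# config.expire_password_after = false
-
-# Need 1 char of A-Z, a-z and 0-9
-# config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
-
-# How many passwords to keep in archive
-# config.password_archiving_count = 5
-
-# Deny old password (true, false, count)
-# config.deny_old_passwords = true
-
-# enable email validation for :secure_validatable. (true, false, validation_options)
-# dependency: need an email validator like rails_email_validator
-# config.email_validation = true
-
-# captcha integration for recover form
-# config.captcha_for_recover = true
-
-# captcha integration for sign up form
-# config.captcha_for_sign_up = true
-
-# captcha integration for sign in form
-# config.captcha_for_sign_in = true
-
-# captcha integration for unlock form
-# config.captcha_for_unlock = true
-
-# captcha integration for confirmation form
-# config.captcha_for_confirmation = true
-
-# Time period for account expiry from last_activity_at
-# config.expire_after = 90.days
-end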